bitrat | 8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e | Triage

Submit
Reports

Overview

overview

Static

static

8c6cf25734...0e.msi

windows7_x64

8

8c6cf25734...0e.msi

windows10-2004_x64

Sharing

General

Target

8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e.msi
Size

2.1MB
Sample

220116-x2zqksgccr
MD5

2db9ee63581f0297d8ca118850685602
SHA1

244c7008be6f767f0f31a341fe0e70fa2e9a5399
SHA256

8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e
SHA512

58cf0bdfe777ffcb01f9795d859f2daa9cb77d7587d1f054d8f5a0d456289d36e3c155fa6d6f5f4d47ef742a7038c3fa98b27093d6394e5db31cb5854ff5c8ff

Score

10^/10

bitrat trojan

Static task

static1

Behavioral task

behavioral1

Sample

8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e.msi

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e.msi

Resource

win10v2004-en-20220112

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bitrat

Version

1.38

C2

idegasbre.ddns.net:1312

Attributes

communication_password
61bf8edd6e339f90f18f7860fe4c0939
tor_process
tor

Targets

- Target
  
  8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e.msi
- Size
  
  2.1MB
- MD5
  
  2db9ee63581f0297d8ca118850685602
- SHA1
  
  244c7008be6f767f0f31a341fe0e70fa2e9a5399
- SHA256
  
  8c6cf25734d89865f9aaa5dea926d6dcb66558ac0493248237c36474b1d3bd0e
- SHA512
  
  58cf0bdfe777ffcb01f9795d859f2daa9cb77d7587d1f054d8f5a0d456289d36e3c155fa6d6f5f4d47ef742a7038c3fa98b27093d6394e5db31cb5854ff5c8ff
Score

10^/10

bitrat trojan
- BitRAT
  BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
  trojan bitrat
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy